Cloning github repo in pipeline script using withCredentials

Using Jenkins Ask a question
1

Hello all,
I have a Jenkins build that runs using a groovy pipeline script. For one of the steps, I need to clone a different GitHub repo. I am trying to use the withCredentials method to run the rest of the stage via powershell. I created the secret text credential in Jenkins but I do not understand the variable: argument. Can anyone explain that argument and what I need to do to get this to work? As of right now it times out during the clone. See snippet of pipeline script below:

  stages {
    stage('Check and Schedule') {
      steps {
          withCredentials([string(credentialsId: 'MySecretTextCredential', variable: 'WHAT_GOES_HERE?')]) {
          	pwsh '''
		  git clone https://github.com/myGitHubRepo
	  	'''
      }
    }
  }

Jenkins setup:

Jenkins: 2.492.1
OS: Windows 10 - 10.0
Java: 17.0.4.1 - Oracle Corporation (Java HotSpot(TM) 64-Bit Server VM)
---
active-directory:2.39
ansicolor:1.0.6
ant:513.vde9e7b_a_0da_0f
antisamy-markup-formatter:173.v680e3a_b_69ff3
apache-httpcomponents-client-4-api:4.5.14-269.vfa_2321039a_83
asm-api:9.7.1-97.v4cc844130d97
authentication-tokens:1.131.v7199556c3004
bootstrap5-api:5.3.3-2
bouncycastle-api:2.30.1.80-256.vf98926042a_9b_
branch-api:2.1214.v3f652804588d
build-timeout:1.36
caffeine-api:3.2.0-161.v691ef352cee1
cctray-xml:97.vb_8e5e9f9b_464
checks-api:367.v18b_7f530e54a_
cloudbees-folder:6.982.vf165a_16c9507
command-launcher:118.v72741845c17a_
commons-lang3-api:3.17.0-84.vb_b_938040b_078
commons-text-api:1.13.0-153.v91dcd89e2a_22
config-file-provider:982.vb_a_e458a_37021
coverage:2.2.0
credentials:1408.va_622a_b_f5b_1b_1
credentials-binding:687.v619cb_15e923f
cvs:471.v28a_41b_03ee4f
data-tables-api:2.2.2-1
display-url-api:2.209.v582ed814ff2f
docker-commons:445.v6b_646c962a_94
docker-workflow:601.ve2c028908db_f
durable-task:581.v299a_5609d767
echarts-api:5.6.0-2
eddsa-api:0.3.0-13.v7cb_69ed68f00
email-ext:1876.v28d8d38315b_d
emailext-template:224.va_f6a_ecd5d46e
external-monitor-job:221.v35059272565b_
font-awesome-api:6.7.2-1
forensics-api:3.0.0
git:5.7.0
git-client:6.1.2
git-server:126.v0d945d8d2b_39
github:1.42.0
github-api:1.321-478.vc9ce627ce001
github-branch-source:1810.v913311241fa_9
gradle:2.14.1
gson-api:2.12.1-113.v347686d6729f
htmlpublisher:424.va_e57f1253461
instance-identity:201.vd2a_b_5a_468a_a_6
ionicons-api:82.v0597178874e1
jackson2-api:2.17.0-389.va_5c7e45cd806
jakarta-activation-api:2.1.3-2
jakarta-mail-api:2.1.3-2
javadoc:310.v032f3f16b_0f8
javax-activation-api:1.2.0-8
javax-mail-api:1.6.2-11
jaxb:2.3.9-133.vb_ec76a_73f706
jdk-tool:83.v417146707a_3d
jjwt-api:0.11.5-120.v0268cf544b_89
jnr-posix-api:3.1.20-125.vb_6ec4b_21b_15e
jobConfigHistory:1305.vf20a_356586b_8
joda-time-api:2.13.1-115.va_6b_5f8efb_1d8
jquery3-api:3.7.1-3
jsch:0.2.16-95.v3eecb_55fa_b_78
json-api:20250107-125.v28b_a_ffa_eb_f01
json-path-api:2.9.0-148.v22a_7ffe323ce
jsoup:1.18.3-30.v952e9442d416
junit:1317.v5b_35d792b_06a_
ldap:776.vddf3e325103b_
lockable-resources:1349.v8b_ccb_c5487f7
mailer:489.vd4b_25144138f
mapdb-api:1.0.9-44.va_1e1310c9118
matrix-auth:3.2.4
matrix-project:845.vffd7fa_f27555
mercurial:1309.v6802b_f0efb_b_9
mina-sshd-api-common:2.14.0-143.v2b_362fc39576
mina-sshd-api-core:2.14.0-143.v2b_362fc39576
mstest:1.0.5
nant:248.vcc8a_3eec8db_a
nunit:571.v30a_1e3f86709
okhttp-api:4.11.0-183.va_87fc7a_89810
pam-auth:1.11
permissive-script-security:0.7
pipeline-build-step:555.v589d5c24a_3d6
pipeline-github-lib:65.v203688e7727e
pipeline-graph-analysis:231.v56354571a_da_0
pipeline-groovy-lib:752.vdddedf804e72
pipeline-input-step:515.v8857b_eb_b_910c
pipeline-milestone-step:127.vb_52887ca_3b_6d
pipeline-model-api:2.2234.v4a_b_13b_8cd590
pipeline-model-definition:2.2234.v4a_b_13b_8cd590
pipeline-model-extensions:2.2234.v4a_b_13b_8cd590
pipeline-multibranch-defaults:2.1
pipeline-rest-api:2.37
pipeline-stage-step:322.vecffa_99f371c
pipeline-stage-tags-metadata:2.2234.v4a_b_13b_8cd590
pipeline-stage-view:2.37
plain-credentials:183.va_de8f1dd5a_2b_
plugin-util-api:6.0.0
prism-api:1.29.0-19
resource-disposer:0.25
scm-api:704.v3ce5c542825a_
script-security:1373.vb_b_4a_a_c26fa_00
snakeyaml-api:2.3-123.v13484c65210a_
ssh-credentials:349.vb_8b_6b_9709f5b_
ssh-slaves:3.1031.v72c6b_883b_869
sshd:3.353.v2b_d33c46e970
structs:343.vdcf37b_a_c81d5
subversion:1287.vd2d507146906
thinBackup:2.1.2
timestamper:1.28
token-macro:444.v52de7e9c573d
trilead-api:2.192.vc50a_d147e369
variant:70.va_d9f17f859e0
workflow-aggregator:600.vb_57cdd26fdd7
workflow-api:1363.v03f731255494
workflow-basic-steps:1079.vce64b_a_929c5a_
workflow-cps:4018.vf02e01888da_f
workflow-durable-task-step:1405.v1fcd4a_d00096
workflow-job:1505.vea_4b_20a_4a_495
workflow-multibranch:803.v08103b_87c280
workflow-scm-step:437.v05a_f66b_e5ef8
workflow-step-api:700.v6e45cb_a_5a_a_21
workflow-support:961.v51869f7b_d409
ws-cleanup:0.48
2

The variable is the environment variable that will get the secret. So you will need to use that in the git clone command
But why not use the checkout or git step to clone the repo?

3

I am updating an existing script that had the cloning embedded in the groovy script. It got broken when our organization changed our github account. So I was hoping it would be easier to update the existing script rather than redo the whole infrastructure of this build.

With that being said, I dont see how this variable would be used in the git clone, it wasn’t doing that before when it worked. the call to clone was the simple:

git clone http:\\mygitrepo.com

4 
pipeline {
    agent any
    stages {
        stage('Manual Clone') {
            steps {
                withCredentials([usernamePassword(credentialsId: 'git-https-creds', 
                                                  passwordVariable: 'GIT_PASSWORD', 
                                                  usernameVariable: 'GIT_TOKEN')]) {
                    // Inject the variables directly into the HTTPS URL
                    sh 'git clone https://${GIT_USERNAME}:${GIT_TOKEN}@github.com/your-org/your-repo.git'
                }
            }
        }
    }
}
5

I did end up using the git step as the best fix. Thanks

1 Like